mirai | ca87a3ca2761ca572ac23a7c6ef66a4f83976f334489bb6df823a1bf22e63dc4 | Triage

Sharing

General

Target

tamkjll.x86_64.elf
Size

79KB
Sample

220926-rb5agsbac8
MD5

4a865a3d87e0824e137d0e5f6bffb2c2
SHA1

ef71750fe8afeae9d0c0a0ebb463f1b28058b489
SHA256

ca87a3ca2761ca572ac23a7c6ef66a4f83976f334489bb6df823a1bf22e63dc4
SHA512

390c6074cfe94c34e3f19221812124a557a1f0bb1775a8b13c4bf9c79a1341d3501b890c4eda9bd63ece343df73bc048d7f452719cfc23611c3aa6cb39bc0025
SSDEEP

1536:a8uepVCfrxgeHce0xiCKigGYa+Kcybyu8HT600RoRVsFJysSU50V:aaVOrxgeHJ6iCKigGT7cE6HO0JRVsCsi

Score

10^/10

mirai mirai linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

attack.tamkjll.com

Targets

- Target
  
  tamkjll.x86_64.elf
- Size
  
  79KB
- MD5
  
  4a865a3d87e0824e137d0e5f6bffb2c2
- SHA1
  
  ef71750fe8afeae9d0c0a0ebb463f1b28058b489
- SHA256
  
  ca87a3ca2761ca572ac23a7c6ef66a4f83976f334489bb6df823a1bf22e63dc4
- SHA512
  
  390c6074cfe94c34e3f19221812124a557a1f0bb1775a8b13c4bf9c79a1341d3501b890c4eda9bd63ece343df73bc048d7f452719cfc23611c3aa6cb39bc0025
- SSDEEP
  
  1536:a8uepVCfrxgeHce0xiCKigGYa+Kcybyu8HT600RoRVsFJysSU50V:aaVOrxgeHJ6iCKigGT7cE6HO0JRVsCsi
Score

7^/10
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1